The VERITAS Backup Exec Remote Agent uses hard-coded authentication credentials. An attacker with knowledge of these credentials could access arbitrary files on a vulnerable system.
VERITAS Backup Exec Remote Agent is a data backup and recovery solution with support for over-the-network backup. The standard port for the Remote Agent is 10000/tcp. The VERITAS Backup Exec Remote Agent uses a hard-coded, encrypted root password. An attacker with knowledge of this password and access to the Remote Agent may be able to retrieve arbitrary files from a vulnerable system. For more information, please refer to SYM05-011.
Note according to public reports, this vulnerability is actively being exploited.
A remote attacker may be able to gain access to, and retrieve arbitrary files from a target system.
Apply a security update
This vulnerability was reported by Symantec.
This document was written by Jeff Gennari.
|Date First Published:||2005-08-12|
|Date Last Updated:||2007-01-12 21:42 UTC|